Media player offered with worm

A batch of digital media players sold by a Dutch importer over the holidays appear to have been infected with a nasty stocking stuffer: a worm.

By
Jeremy Kirk, IDG News Service
| Jan 08, 2008

| IDG News Service

Share

TwitterFacebookLinkedInGoogle Plus

A batch of digital media players sold by a Dutch importer over the holidays appear to have been infected with a nasty stocking stuffer: a worm.

One user reportedly discovered the worm, Worm.Win32.Fujack.aa, after opening the Victory LT-200, a 512 MB USB media player sold by Victory Nederland, wrote Roel Schouwenberg, a senior research engineer, for Kaspersky on a company blog.

At least one other variant of the Fujack worm has been observed to spread other programs that can steal passwords for online games, according to information previously published by Kaspersky.

"We've contacted the company concerned," Schouwenberg wrote. "They told us they were aware that a few months ago there was a partially infected batch of these MP3 players, and that they'd taken steps to fix the problem."

Only three people have complained about the worm so far, said Joost Blom, managing director of Victory Nederland. The media player is made in China, although Blom declined to name the manufacturer.

Blom said the manufacturer scans the media players for problems before the devices are shipped. It's possible that one of the PCs used to scan the players was infected with the worm, which then ended up on some players.

Blom said his company has scanned a portion of the devices and not found any more that are infected.

Worms and viruses on removable storage devices can be particularly dangerous since the applications can be set to automatically run when the devices are plugged into a PC running Windows XP, Schouwenberg wrote. Microsoft fixed this in its Vista OS, which prompts a user before automatically running a program.

It's not the first time storage drives have been infected at some point during the manufacturing process. Seagate warned in November that a small number of its Maxtor drives were infected with a malicious software program that also stole passwords for online games.

The malware targeted the popular World of Warcraft game, as well as the Chinese games QQ, WSGame and AskTao.

The best countermeasure for users is to ensure their anti-virus software is up-to-date and scan new drives for malware upon connection to a PC.

"This case shows clearly that you should always exercise caution when handling unknown external storage media, whether it's fresh out of the box or passed to you by a friend or colleague," Schouwenberg wrote.